Overview

overview

10

Static

static

1

code.ps1

windows10-1703-x64

10

code.ps1

windows10-2004-x64

10

code.ps1

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    code.ps1

  • Size

    130B

  • Sample

    240704-2lbq2awala

  • MD5

    a18ee846019bfeb04eb7f15c2b9fd86a

  • SHA1

    71b3b13a9351241124d605681f7d81e56e7ef321

  • SHA256

    d38a97f0d4cf8706ecf5da15ff500bddd6a96228c4c2cd65be19afdaee9523db

  • SHA512

    4b4bb2e4bb5d968c8079b1cfcefddcd0496b87140fec8d7abfc062633ee3bcd6f76efd9aa794a5b3cdfb2ad33404d7e5ffb9b396c75a3eccf3565bcf5b537f92

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      code.ps1

    • Size

      130B

    • MD5

      a18ee846019bfeb04eb7f15c2b9fd86a

    • SHA1

      71b3b13a9351241124d605681f7d81e56e7ef321

    • SHA256

      d38a97f0d4cf8706ecf5da15ff500bddd6a96228c4c2cd65be19afdaee9523db

    • SHA512

      4b4bb2e4bb5d968c8079b1cfcefddcd0496b87140fec8d7abfc062633ee3bcd6f76efd9aa794a5b3cdfb2ad33404d7e5ffb9b396c75a3eccf3565bcf5b537f92

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks